The difference is subtle, but important in this context. Copying is a local, punctual and almost mechanical act: it is taking information and duplicating it. For example, when a cell transcribes DNA into RNA, it is making a functional copy of a piece of genetic material. The same thing happens when a DNA fragment is amplified in a laboratory: a sequence is copied. Replying, on the other hand, is a deeper process: it involves reproduce a complete system with continuity capacity. And that is what a new study published on arXiv points out, denounces or proves (as we want).
Copying oneself is one of the most profound abilities in life. Bacteria do it. Cells do it. Viruses exist thanks to this. And now, For the first time, an artificial intelligence system has shown that it can do something eerily similar: replicate autonomously on other computers.
We are not talking about consciousness. Not even an “awakening” AI. Nor from a machine with its own will. But something that until recently belonged more to science fiction, to the Terminator fantasy, than to computer security laboratories: an AI capable of finding vulnerable systems, infiltrating them, copying itself and starting the process again from the new machine.
The experiment, carried out by the Palisade Research organization, has been described by its authors as “the first documented demonstration of autonomous self-replication through hacking.” And although they ask for calm, their conclusions show an important change in the conversation about the risks of artificial intelligence. The key is to understand what “replicate” really means.
An AI model is not a living being hidden inside a computer. It is a gigantic set of mathematical parameters (called “weights”) that require hardware, power, and software to function. what he did The system in this study was something more like a computer worm than an artificial consciousness– Ordered to spread, finding vulnerabilities in a network controlled by the authors, extracting credentials, and deploying working copies of itself on other machines. These new copies could then repeat the process.
That is to say: it didn’t just execute instructions. It was also capable of maintaining the replication chain. The experiment was conducted in a deliberately vulnerable environment, designed to test the current limits of language models. The authors, led by Jeffrey Ladish (director of Palisade Research) They evaluated different types of security breaches and observed how various advanced systems managed to complete parts or even the entire attack sequence.
The results also show a striking acceleration. Just a year ago, comparable models only managed to complete these tasks in a small percentage of attempts. Now, some systems exceed success rates of 80% in certain experimental scenarios. That does not mean that an AI can escape to the internet tomorrow and multiply uncontrollably.
Despite this, it must be noted that the study has important limitations. The networks used were purposefully simplified and vulnerable, very different from the actual infrastructure of large companies or governments. Additionally, moving modern models requires enormous amounts of memory and computing power– Some take up hundreds of gigabytes and require specialized servers to function.
In other words: An AI cannot easily “hide” inside a laptop anyone like a classic virus did. But the true interest of the study is not so much in the present as in the trajectory.
Because the worrying thing is not that today they can do it in a limited way, but the speed with which they are improving. Ladish’s team explains that the models’ ability to execute long chains of autonomous actions, such as searching for vulnerabilities, writing code, moving between systems or persisting after a shutdown, is growing very fast.
And that changes the nature of the risk. Until now, most cyberattacks required constant human intervention. An attacker had to write the malware, choose targets, and supervise the operation. A sufficiently autonomous AI agent could automate much of that process– detect targets, adapt, correct errors and continue operating without continuous instructions.
It wouldn’t be artificial intelligence rebelling against humanity. It would be something much more plausible, and probably more dangerous in the short term: cybercriminals using autonomous agents capable of acting as attack multipliers.
The study also touches on a particularly sensitive point within the debate on safety in AI: the so-called “loss of control”.In biological systems, reproduction is what allows a species to survive even if specific individuals disappear. Something similar happens in computing. A program that can copy itself in multiple places is much more difficult to stop.
That’s why self-replication has been considered for years one of the theoretical “red lines” in AI security. Some previous work already warned that this ability could emerge soon, although until now it remained mainly an experimental hypothesis. What has changed now is that there is already a practical demonstration, although very controlled.
Perhaps the best way to understand this moment is not to think about Terminatorbut in the first computer viruses of the eighties. Those programs were small, limited and relatively clunky. But they introduced a new idea: software capable of propagating itself. Decades later, that idea supports everything from ransomware campaigns to global attacks.
The question is no longer whether an AI can be replicated under specific conditions. The question is What will happen when these systems are smaller, faster and more autonomous. A question that is no longer theoretical.